You might be asking what’s inside this tiny USB cable to make it susceptible to such attacks. That’s the trick: inside the shell of the USB ‘A’ connector is a PCB loaded up with a WiFi microcontroller — the documentation doesn’t say which one — that will send payloads over the USB device. Think of it as a BadUSB device, like the USB Rubber Ducky from Hak5, but one that you can remote control. It is the ultimate way into a system, and all anyone has to do is plug a random USB cable into their computer.

In the years since BadUSB — an exploit hidden in a device’s USB controller itself — was released upon the world, [MG] has been tirelessly working on making his own malicious USB device, and now it’s finally ready. The O.MG cable hides a backdoor inside the shell of a standard, off-the-shelf USB cable.

The construction of this device is quite impressive, in that it fits entirely inside a USB plug. But this isn’t just a PCB from a random Chinese board house: [MG] spent 300 hours and $4000 in the last month putting this project together with a Bantam mill and created his own PCBs, with silk screen. That’s impressive no matter how you cut it.

Future updates to this cable that will hack any computer might include a port of ESPloitV2, an Open Source WiFi controlled USB HID keyboard emulator. That will bring a lot of power to this device that’s already extremely capable. In the video attached to this tweet you can see the O.MG cable connected to a MacBook, with [MG] opening up a webpage remotely.

Do you require a password every time you plug in a USB device? If so, the OPSEC is strong with you! And you hope that you never need to plug in a USB keyboard. Other than that, this seems as if the most probable use case is being plugged in while the user is logged in, and physical access is not required as it is a WiFi device.

It could be designed to monitor the USB voltage with, say, a 16-bit SPI ADC chip, centre tapping between two 10 mega ohm resistors across the USB Vcc and GND. With the processor entering deep sleep between each sample, say every 5 or 30 minutes, monitoring the peak, average and minimum voltages for a number of days, slowly characterising the usage profile of the computer’s owner(s). It could monitor the USB voltage and not initiate its own USB functionality until the power usage was at a minimum (voltages at maximum, i.e. no one is using the computer). At 16-bits, even if there was a dedicated LDO (Low-dropout regulator) for every USB port in the computer, some side channel usage information would still leak and could be monitored.

Would you notice if a new device was connected to your computer if you were not there to see the device connected?

I was thinking along these lines for some sort of basic OPSEC, that each connection needs to be authorized along with providing details about what the device announces itself to be.
But in the case of a USB keyboard being used as an attack vector, placing it in a keyboard would break this model.

For highly secure systems, it seems that there needs to be a procedure to validate the hardware that will be connected then disallow any new hardware from being used. I think this would be pretty easy at the OS level and that may be enough for most cases. That wouldn’t stop the USB Killer or something that tries to exploit a USB host controller but I guess it would be a start.

Not surprising. I have a TP-LINK TL-WN725N WiFi dongle that’s just a USB Type A connector with a 6.63 x 7.1 x 14.93 mm plastic housing. Wouldn’t be surprised to find the actual PCB and electronics are no taller or wider than the dimensions of the metal part.

Last time I got one of those marketing “Plug me in” USB devices that just spew “WIN+r http:///www.example.com” from a HID device. Linux blocked it completely. Which was annoying as I wanted to subvert it to doing something else.

Instead of showing up as a new HID device, the device can simply inject keystrokes when the real keyboard is not in use. You could put a logger inline with the real keyboard that would play back stored keystrokes when a special command string is received. Here is the first one I found on Amazon. https://www.amazon.com/KeyGrabber-PS-KeyLogger-4MB-Purple/dp/B0076QL44W

4K$? Search on eBay for wifi usb and you will get mini dongles for 1.3$ that fit inside a USB cable; only load a new fw onto those mini Chinese dongles, add a nice-looking USB cable and it should work, then 3998$ extra to buy a new laptop :)

Impressive work within the size constraints of the average USB A plug, but given that entire SoC systems can be fit on what used to hold a 16gb nand IC and aggregate controller in a flash drive, there’s a whole new world that could be created, given the need to do so.
My only question at this point would be…
Have they done so already, and to what benefit?